I've been contracting at Microsoft for about six weeks now. I haven't seen any overt discrimination against orange badges, other than my working space: I'm in a cube, and it seems most blues have offices, though I do know some oranges with offices as well. Doesn't really matter to me, I just need a place to jack in my laptop.
I have access to the same break room with the fridge full of drinks, tea, coffee, etc. as blue badges do. I park in the same lot, I walk in the same door, I eat at the same cafes.
Some have commented that oranges aren't involved in team meetings, but to me that is a blessing. Less management overhead = more time to get my work done, less stress about dealing with politics and beaurocracy. And the beaurocracy here is huge. I process security-related tickets, and the process is very complicated. About 90% of my brain-time is spent dealing with the system and the remaining 10% on the actual technical aspects of my job.
It's not the most engaging or exciting work I've ever done, but the hours are great, the benefits from my company good, and it pays well. That's all good for the home life, so I can take my daughter to daycare every morning and pick her up at night, and we can have dinner every evening as a family (at a reasonable hour).
But if you told me that this would be my job for the next 10, or even five or three years, I'd start looking for a better gig immediately--I don't think I could put up with the repetition and monotony of the tasks for that long.
I respect Howard's desire to participate in more of a community as an orange badge, but it isn't compelling to me. Unlike past jobs, this is just that, a job. My goal isn't to join the ranks of the blues, and to be honest, after getting a glimpse of the internal politics and beaurocracy here, I don't know that I'd accept a full-time position.
You don't understand IPv6 address allocation policy. ISPs are generally given a/32 from a Regional Internet Registry (e.g., ARIN for North America), and from that/32, assign/48s to customers. Customers then assign/64s to individual networks from their/48, given them 16 bits=64k subnets to play with.
So, the smallest prefix that will be assigned to a single network is a/64. Let's say that a hacker infects a computer on that network, and wants to start scanning other "nearby" computers to infect. Theoretically, he has 2^64 addresses to scan. Have a few million years?
Let's say our hacker is smart, and knows something about how IPv6 creates interface identifiers, those last 64 bits of an IPv6 address. IPv6 stateless autoconfiguration uses the EUI-64 format to create IDs, by taking a 48-bit MAC address, inserting FF:FE into the middle of it, and flipping the universe/local bit. So, if we eliminate the known bits (FF, FE, plus the u/l bit), we can reduce our search space to 2^64-17=2^47. Still too large.
But wait! Since the interface ID is created using a 48-bit MAC, we might be able to reasonably assume what the OUI is, based on the company we're attacking. If it's HP, for example, we can assume that employess will be using HP gear, and thus we can only scan a set of OUIs assigned to HP. So, that removes 24 bits from our scanning space, leaving us with 2^47-24=2^23 addresses. Better, but still way too big to scan within a reasonable time frame.
If you're a home user, then your OUI will be likely random, and the scanning space is back up to 2^47. And of course, if you're using Windows, Microsoft will create a privacy address for each IPv6 network prefix configured on the local network, which means we're back up to 64 random bits to scan.
No, I think random address scanning in IPv6 will be a non-starter for most worms.
Slashdot Mirror
I have access to the same break room with the fridge full of drinks, tea, coffee, etc. as blue badges do. I park in the same lot, I walk in the same door, I eat at the same cafes.
Some have commented that oranges aren't involved in team meetings, but to me that is a blessing. Less management overhead = more time to get my work done, less stress about dealing with politics and beaurocracy. And the beaurocracy here is huge. I process security-related tickets, and the process is very complicated. About 90% of my brain-time is spent dealing with the system and the remaining 10% on the actual technical aspects of my job.
It's not the most engaging or exciting work I've ever done, but the hours are great, the benefits from my company good, and it pays well. That's all good for the home life, so I can take my daughter to daycare every morning and pick her up at night, and we can have dinner every evening as a family (at a reasonable hour).
But if you told me that this would be my job for the next 10, or even five or three years, I'd start looking for a better gig immediately--I don't think I could put up with the repetition and monotony of the tasks for that long.
I respect Howard's desire to participate in more of a community as an orange badge, but it isn't compelling to me. Unlike past jobs, this is just that, a job. My goal isn't to join the ranks of the blues, and to be honest, after getting a glimpse of the internal politics and beaurocracy here, I don't know that I'd accept a full-time position.
You don't understand IPv6 address allocation policy. ISPs are generally given a /32 from a Regional Internet Registry (e.g., ARIN for North America), and from that /32, assign /48s to customers. Customers then assign /64s to individual networks from their /48, given them 16 bits=64k subnets to play with.
So, the smallest prefix that will be assigned to a single network is a /64. Let's say that a hacker infects a computer on that network, and wants to start scanning other "nearby" computers to infect. Theoretically, he has 2^64 addresses to scan. Have a few million years?
Let's say our hacker is smart, and knows something about how IPv6 creates interface identifiers, those last 64 bits of an IPv6 address. IPv6 stateless autoconfiguration uses the EUI-64 format to create IDs, by taking a 48-bit MAC address, inserting FF:FE into the middle of it, and flipping the universe/local bit. So, if we eliminate the known bits (FF, FE, plus the u/l bit), we can reduce our search space to 2^64-17=2^47. Still too large.
But wait! Since the interface ID is created using a 48-bit MAC, we might be able to reasonably assume what the OUI is, based on the company we're attacking. If it's HP, for example, we can assume that employess will be using HP gear, and thus we can only scan a set of OUIs assigned to HP. So, that removes 24 bits from our scanning space, leaving us with 2^47-24=2^23 addresses. Better, but still way too big to scan within a reasonable time frame.
If you're a home user, then your OUI will be likely random, and the scanning space is back up to 2^47. And of course, if you're using Windows, Microsoft will create a privacy address for each IPv6 network prefix configured on the local network, which means we're back up to 64 random bits to scan.
No, I think random address scanning in IPv6 will be a non-starter for most worms.